cachecloud icon indicating copy to clipboard operation
cachecloud copied to clipboard
verified publisher icon sohutv

Cross-Site Scripting: Reflected

Open QiAnXinCodeSafe opened this issue 4 years ago • 0 comments

https://github.com/sohutv/cachecloud/blob/f9dfc98eadcfd7d56821852ece0c73d14cb171e1/cachecloud-web/src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java#L95 https://github.com/sohutv/cachecloud/blob/f9dfc98eadcfd7d56821852ece0c73d14cb171e1/cachecloud-web/src/main/webapp/WEB-INF/jsp/client/appClientIndex.jsp#L19-L20

Sending unvalidated data to a web browser can result in the browser executing malicious code. In line 95, ‘startDate’ is regarded to as tainted data,it will be affect line line19 and line20.

QiAnXinCodeSafe avatar Aug 03 '21 09:08 QiAnXinCodeSafe