
Java EE (Java Enterprise Edition) General Discussion


Path fragment issue for inside a tag parameter between double quotes.

User_19BPU, Mar 5 2017

Hi,

I got an XSS (cross-site scripting) issue for the below in one of my JSP pages:

"Path Fragment input /store/<s>/[*]_<n>/<s> was set to SubCat1ECS"onmouseover=UaTZ(9025)"

The input is reflected inside a tag parameter between double quotes."

What does it mean? What is the fix we need to do for it? Is "onmouseover=UaTZ(9025)" the issue here, which is in double quotes? Please let me know how we can handle it.

Thanks

Locked on Apr 2 2017
Added on Mar 5 2017
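
The finding quoted in the post, shown as an added example that is not part of the original post: the reported value is written into a double-quoted attribute once without encoding and once with attribute encoding. The `href="/store/..."` markup, the class and method names, and the allow-list pattern are assumptions made for the illustration.

```java
import java.util.regex.Pattern;

public class AttributeContextEncoding {

    // Value taken from the scanner finding quoted in the post.
    static final String REPORTED = "SubCat1ECS\"onmouseover=UaTZ(9025)\"";

    // Assumed allow-list for a category path fragment (hypothetical policy).
    static final Pattern FRAGMENT = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    // Stand-in for a JSP line like <a href="/store/<%= fragment %>"> (assumed markup).
    static String renderUnsafe(String fragment) {
        return "<a href=\"/store/" + fragment + "\">category</a>";
    }

    // Hypothetical minimal attribute encoder: ASCII letters, digits and - _ .
    // pass through; every other code point becomes a numeric character
    // reference, so a double quote can no longer close the attribute.
    static String encodeForHtmlAttribute(String input) {
        StringBuilder out = new StringBuilder(input.length() * 2);
        input.codePoints().forEach(cp -> {
            boolean safe = cp < 128 && (Character.isLetterOrDigit(cp)
                    || cp == '-' || cp == '_' || cp == '.');
            if (safe) {
                out.appendCodePoint(cp);
            } else if (Character.isISOControl(cp)) {
                out.append("&#xfffd;"); // control characters are replaced, not reflected
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        });
        return out.toString();
    }

    static String renderSafe(String fragment) {
        return "<a href=\"/store/" + encodeForHtmlAttribute(fragment) + "\">category</a>";
    }

    public static void main(String[] args) {
        // Unencoded: the quote ends href and onmouseover becomes its own attribute.
        System.out.println(renderUnsafe(REPORTED));
        // Encoded: the whole value stays inside href as inert text.
        System.out.println(renderSafe(REPORTED));
        // Second layer: reject fragments that do not fit the expected shape.
        System.out.println("allow-listed: " + FRAGMENT.matcher(REPORTED).matches());
    }
}
```

In a real JSP the encoding step is normally done with JSTL (`<c:out value="..."/>` or `${fn:escapeXml(...)}`) or the OWASP Java Encoder's `Encode.forHtmlAttribute` instead of a hand-written helper.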