Unsecure usage of HTTP parameter (DeepCode)

Description

Unsanitized input flows from an HTTP parameter (romeocolour) and is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).

mir-module/src/main/java/org/mycore/mir/sherpa/MIRSherpaServlet.java:83
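
The flow described above, as an added example that is not part of this ticket and not the project's code: a request parameter concatenated into HTML unchanged, next to a version that validates it and encodes it on output. The servlet source is not shown in the ticket, so the class, the method names, the markup and the allowlist values are all assumptions made for illustration.

```java
import java.util.Set;

public class RomeoColourRendering {

    // Assumed allowlist; the ticket does not say which values are valid.
    private static final Set<String> ALLOWED = Set.of("green", "blue", "yellow", "white");

    /** Flagged pattern: the parameter value reaches the markup unchanged. */
    static String renderUnsafe(String romeocolour) {
        return "<span class=\"romeo\">" + romeocolour + "</span>";
    }

    /** Encode the characters that are significant in HTML text and quoted attributes. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Hardened: reject values outside the allowlist, and still encode on output. */
    static String renderSafe(String romeocolour) {
        if (romeocolour == null || !ALLOWED.contains(romeocolour)) {
            throw new IllegalArgumentException("unsupported romeocolour value");
        }
        return "<span class=\"romeo\">" + escapeHtml(romeocolour) + "</span>";
    }

    public static void main(String[] args) {
        String sample = "<b>not-a-colour</b>"; // constructed sample input
        System.out.println("unsafe : " + renderUnsafe(sample)); // markup passes through
        System.out.println("encoded: " + escapeHtml(sample));   // markup is neutralised
        System.out.println("safe   : " + renderSafe("green"));
        try {
            renderSafe(sample);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Validation alone is not the fix: encoding at the point of output is what keeps the value inert if the allowlist is later widened or bypassed.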

Environment

None

Assignee

Unassigned

Reporter

Andre Herzog

Labels

None

URL

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Medium