CX CSRF @ src/main/webapp/changeCardDetails.jsp [refs/heads/master]

**CSRF** issue exists @ **src/main/webapp/changeCardDetails.jsp** in branch **refs/heads/master**

*Method cardno=request.getParameter at line 37 of src\main\webapp\changeCardDetails.jsp gets a parameter from a user request from &quot;&quot;cardno&quot;&quot;. This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).*

Severity: Medium

CWE:352

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/352.html)

[Checkmarx](https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1007325&projectid=1350&pathid=245)

[Training](null)
[Recommended Fix](https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=648&queryVersionCode=56758536&queryTitle=CSRF)

Lines: 37 38 39 

---
[Code (Line #37):](null#L37)
```
        String cardno=request.getParameter("cardno");
```
---
[Code (Line #38):](null#L38)
```
        String cvv=request.getParameter("cvv");
```
---
[Code (Line #39):](null#L39)
```
        String expirydate=request.getParameter("expirydate");
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX CSRF @ src/main/webapp/changeCardDetails.jsp [refs/heads/master] #197

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

CX CSRF @ src/main/webapp/changeCardDetails.jsp [refs/heads/master] #197

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions