ebrukaya
Reputation: 1
JSF 2.3.9 and Fortify Warnings (Reflected XSS and Directory Traversal)
I am using JSF 2.3.9 and Fortify and I am getting the following warnings: 1. Reflected XSS:
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. 2. Directory Traversal: Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. I couldn't understand the reason for these warnings and how to solve them. I need help from JSF and security experts.
I just searched the problem and found nothing. I can't solve it.
Upvotes: 0
Views: 101
Answers (0)
Related Questions
- Fortify: Cross-Site Scripting: Reflected
- Does my code prevent directory traversal?
- Preventing Directory Traversal in PHP but allowing paths
- What is the difference between JSF, Servlet and JSP?
- How can I mitigate an inputHidden XSS vulnerability on JSF according to Fortify SAST?
- What is the JSF resource library for and how should it be used?
- JSF SelectItems and escaping (xss)
- Directory traversal attacks