
I am facing an XS_Reflected_XSS issue related to Checkmarx. Working in SAP HANA XSJS.

Following is my code extract:

    // Request parameter that Checkmarx reports as the tainted source
    action = $.request.parameters.get("action");
    switch ($.request.method) {
    case $.net.http.GET:
        switch (action) {
        case "ds":
            res = aLib.getds();
            break;
        }
        break;
    }

It calls out `$.request.parameters.get("action");` as a Checkmarx issue. Does anyone know how to resolve this?

Thanks.

Sandra Rossi
abhi5800
  • Where else is the `action` variable used? Any instance of XSS would require the payload to be written out to the response or page, at some point, somehow... – AviD Oct 26 '16 at 12:43
  • @AviD Thanks boss. Got it. There was one more reference to `action` in the code; removed it and the Checkmarx issue was resolved. – abhi5800 Nov 04 '16 at 04:26
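
The point raised in the comments, as an added example that is not code from the question: a reflected XSS finding needs the request parameter (source) to reach the response (sink). The `$` stub, the `aLib` stand-in, the handler names and the `default` branch that echoes `action` are assumptions, since the page does not show where the second reference was.

```javascript
// Constructed stand-in for the XSJS "$" object so the example runs under Node.
function makeContext(action) {
  return {
    net: { http: { GET: 1, OK: 200, BAD_REQUEST: 400 } },
    request: { method: 1, parameters: { get: (n) => (n === "action" ? action : undefined) } },
    response: { status: 0, contentType: "", body: "", setBody(b) { this.body = String(b); } },
  };
}

// Hypothetical library standing in for aLib from the question.
const aLib = { getds: () => ({ ds: [] }) };

// Vulnerable shape (assumed): an unknown action is echoed into an HTML response.
function handleVulnerable($) {
  const action = $.request.parameters.get("action");
  switch (action) {
    case "ds":
      $.response.contentType = "application/json";
      $.response.setBody(JSON.stringify(aLib.getds()));
      break;
    default:
      $.response.contentType = "text/html";
      $.response.setBody("Unknown action: " + action); // tainted value reaches the sink
  }
  return $.response;
}

// Hardened shape: allow-list dispatch; the parameter is never written to the response.
const ACTIONS = { ds: () => aLib.getds() };

function handleHardened($) {
  const action = $.request.parameters.get("action");
  const known = Object.prototype.hasOwnProperty.call(ACTIONS, action);
  $.response.contentType = "application/json";
  if (!known) {
    $.response.status = $.net.http.BAD_REQUEST;
    $.response.setBody(JSON.stringify({ error: "unsupported action" })); // constant text only
    return $.response;
  }
  $.response.status = $.net.http.OK;
  $.response.setBody(JSON.stringify(ACTIONS[action]()));
  return $.response;
}
```

With the hardened handler the parameter is only compared against fixed keys, so no data flow from `$.request.parameters.get("action")` to `$.response.setBody` remains.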
