Patched src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java

patched.codes[bot] · patched.codes[bot] · commit 22bc5d529c22 · 2024-05-07T15:20:17.000+08:00
diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java
@@ -25,6 +25,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import com.ibm.security.appscan.altoromutual.util.DBUtil;
+import org.apache.commons.text.StringEscapeUtils;
 
 /**
  * This servlet handles site admin operations
@@ -115,7 +116,8 @@ else if (request.getRequestURL().toString().endsWith("changePassword")){
 		else
 			message = "Requested operation has completed successfully.";
 		
-		request.getSession().setAttribute("message", message);
+		String safeMessage = StringEscapeUtils.escapeHtml4(message);
+		request.getSession().setAttribute("message", safeMessage);
 		response.sendRedirect("admin.jsp");
 		return ;
 	}
