Reflective cross-site scripting attack

Hi！
    I am a staff member of QiAnXin Code Guard. In our open source code detection project, I found two reflective xss vulnerabilities in mTracker. The details are as follows:
![图片](https://user-images.githubusercontent.com/39950310/57188013-4a74f800-6f2a-11e9-89c0-2020f17b4105.png)
The errorErrorDescription method receives the errorcode parameter in the uri, and returns directly without checking. If the returned information is on the page, it will lead to cross-site scripting attack.

The same problem still exists in QueueService.java
![图片](https://user-images.githubusercontent.com/39950310/57188436-3680c480-6f31-11e9-9c6b-341e3b732cae.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Reflective cross-site scripting attack #2

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Reflective cross-site scripting attack #2

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions