Java Spring MVC CSS Injection
Description
Detects potential CSS injection vulnerabilities in Java Spring MVC applications where user-controlled input could be used in CSS-related attributes without proper sanitization. This could allow attackers to inject malicious CSS code, potentially leading to UI manipulation or Cross-Site Scripting (XSS) attacks.
Detection Strategy
• Checks if Spring MVC related imports are present in the code (org.springframework.web.servlet.ModelAndView or org.springframework.web)
• Identifies usage of CSS-related setter methods or properties in ModelAndView objects
• Traces if user-controlled input (like request parameters, form data) flows into CSS-related attributes
• Reports a vulnerability when user input can reach CSS properties without proper sanitization or validation
Vulnerable code example
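    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.PostMapping;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.servlet.ModelAndView;

    @Controller
    public class CSSInjectionController {
        @PostMapping("/style")
        public ModelAndView process(@RequestParam("style") String style, ModelAndView mav) {
            // Vulnerable: User input directly included in style without sanitization
            mav.addObject("style", style);
            return mav;
        }
        ...
✅ Secure code example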
    import java.util.Map;
    import org.springframework.stereotype.Controller;

    @Controller
    public class CSSInjectionController {
        // Allowlist: short keys mapped to CSS that is defined on the server
        private static final Map<String, String> ALLOWED_STYLES = Map.of(
            "bootstrap", "@import url('https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css')",
            "dark", "@import url('/css/dark.css')",
            "light", "@import url('/css/light.css')"
        );
        ...
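Added example (not Fluid Attacks' code and not the elided remainder of the snippet above): one way a handler can use an allowlist like ALLOWED_STYLES so that the request parameter only selects a key and never becomes CSS text itself. The class name ThemeController, the helper resolveStyle and the DEFAULT_THEME fallback are assumptions made for illustration; the code needs spring-webmvc on the classpath.

```java
import java.util.Map;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class ThemeController {  // hypothetical class name

    // Server-defined CSS keyed by short theme names (same idea as ALLOWED_STYLES on the page).
    private static final Map<String, String> ALLOWED_STYLES = Map.of(
        "dark", "@import url('/css/dark.css')",
        "light", "@import url('/css/light.css')"
    );

    // Assumption: unknown or missing keys fall back to this theme instead of failing.
    private static final String DEFAULT_THEME = "light";

    // Hypothetical helper, package-private so it can be unit-tested without starting Spring.
    static String resolveStyle(String requested) {
        String fallback = ALLOWED_STYLES.get(DEFAULT_THEME);
        // Map.of(...) maps throw NullPointerException on a null key, so handle it first.
        if (requested == null) {
            return fallback;
        }
        // Exact-match lookup only: no trimming, case folding or substring checks.
        // Anything that is not exactly a known key resolves to the fallback.
        return ALLOWED_STYLES.getOrDefault(requested, fallback);
    }

    @PostMapping("/style")
    public ModelAndView process(
            @RequestParam(name = "style", required = false) String style,
            ModelAndView mav) {
        // The model only ever receives one of the constants above,
        // never the raw request value.
        mav.addObject("style", resolveStyle(style));
        return mav;
    }
}
```

The view that renders the "style" attribute should still apply the template engine's normal output escaping for the context it is written into.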